Stack Overflow
Stack Overflow

Questions tagged [jbcrypt]

The Java implementation of OpenBSD's Blowfish password hashing code.

jBCrypt is the Java implementation of OpenBSD's Blowfish password hashing code, as described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazières.

This system hashes passwords using a version of Bruce Schneier's Blowfish block cipher with modifications designed to raise the cost of off-line password cracking and frustrate fast hardware implementation. The computation cost of the algorithm is parametised, so it can be increased as computers get faster. The intent is to make a compromise of a password database less likely to result in an attacker gaining knowledge of the plaintext passwords (e.g. using John the Ripper).

jBCrypt is licensed under a ISC/BSD licence (see the LICENSE file for details) and ships with a set of JUnit unit tests to verify correct operation of the library and compatibility with the canonical C implementation of the bcrypt algorithm.

The project home page http://www.mindrot.org/projects/jBCrypt/.

39 questions
29
votes
2 answers

Decode the Bcrypt encoded password in Spring Security to deactivate user account

I am working on web application project in Spring Hibernate MVC. I am storing encoded passwords in a database using Bcrypt algorithm in Spring security. Now I want to get that encoded password to be decoded to deactivate a use account where in I am…
arch
  • 1,363
  • 2
  • 14
  • 30
26
votes
10 answers

BCrypt.checkpw() Invalid salt version exception

I'm trying to implement authentication using BCrypt, in my Play 2.1. Java application, but I'm getting Invalid salt version exception when I'm trying to authenticate the user. This is my stack trace play.api.Application$$anon$1: Execution…
ziky90
  • 2,627
  • 4
  • 33
  • 47
17
votes
3 answers

What to use for password hashing? Any reason not to use jBCrypt?

I'm planning to use jBCrypt for password hashing in a new web application, as it is supposed to be the best from what I've read. As I haven't used it before I'm looking into if there is any reason not to use it. I have this: I haven't found it in…
user14070
14
votes
1 answer

How to use jBCrypt for password hash comparison?

I am having trouble getting a plaintext password and a previous hash to match using BCrypt's checkpw(plaintextpw, previoushash) method. In a register servlet I take the entered password, hash it using BCrypt's hashpw(password, genSalt) method and…
VNorman
  • 235
  • 2
  • 12
10
votes
1 answer

Using jBCrypt to salt passwords in Android App causes a long hang

I am using the jBCrypt Library to hash user passwords when they register using my app. I am using the basic hash function, with a salt, like so: String pass = BCrypt.hashpw(rawPass, BCrypt.gensalt()); I noticed a one to two minute hang when…
WilHall
  • 11,644
  • 6
  • 31
  • 53
7
votes
0 answers

jBcrypt: BCrypt.checkpw suddenly takes ~30 times as long

In our web-application, we use jBcrypt for hashing passwords. We use 13 log_rounds when hashing the password. Normally, BCrypt.checkpw() takes about 1 second. But from time to time (after a few days), it suddenly starts getting slow and takes almost…
Matthias M.
  • 211
  • 3
  • 7
6
votes
2 answers

Does Apache Shiro support bCrypt?

Does the Apache Shiro Authentication Framework support the use of the bCrypt password hashing algorithm? If not, is there a way to get it working with Shiro? Are there any other Authentication frameworks like Shiro supporting bCrypt, other than…
Kramer786
  • 1,238
  • 1
  • 12
  • 26
6
votes
2 answers

Variable and degrading performance when using jbcrypt

I'm using jbcrypt to hash passwords in a project. Performance is about 500 ms when validating passwords on the hardware I am using (log_rounds set to 12). However, after a while with regular use the performance time suddenly drops to a whopping 15…
sstendal
  • 3,148
  • 17
  • 22
5
votes
1 answer

Why can't Gradle resolve org.connectbot.jbcrypt:jbcrypt:1.0.0 from the Maven Central Repository?

I'm using Gradle 6.9 and here is my build.gradle file: plugins { id "groovy" id "java" } group "com.matthiasdenu" version "1.0-SNAPSHOT" repositories { mavenCentral() maven { url 'https://repo.jenkins-ci.org/releases/' …
matthiasdenu
  • 323
  • 4
  • 18
4
votes
2 answers

How to add the jbcrypt library in Android Studio

Probably a very silly problem but I cannot add jbcrypt from mindrot.org https://www.mindrot.org/projects/jBCrypt/ to my existing android studios application.
Nic Parmee
  • 145
  • 1
  • 16
4
votes
1 answer

Convert password hashing from SHA to bcrypt

This questions has been answered in this Stack Overflow question already, but it's not Grails-specific and is also kind of vague. I set my Grails app up with Spring Security, but apparently didn't get the newest version, because it defaulted to…
Charles Wood
  • 864
  • 8
  • 23
3
votes
1 answer

Is the $2y$ bcrypt hash version supported by Spring 5 Security?

I searched through the Documentation for Spring 5 Security but I could not find a reference to the BCrypt $2y$ version prefix anywhere. When looking through the source code, though, I found one reference in the Javadoc of the PasswordEncoder: can…
Titulum
  • 9,928
  • 11
  • 41
  • 79
3
votes
3 answers

How can I make bcrypt in php and jbcrypt in java compatible

I want to make register page in php and make the password hashed with bcrypt and put in database. I also want to make a login system in Java, and get the password in the same password, using jbcrypt. How can I make jbcrypt and bcrypt in php…
Sandro Medeiros
  • 41
  • 1
  • 3
3
votes
2 answers

How to check two hashed passwords are the same?

I'm writing a program where I use MD5 to hash login details before I send them to a server, but there I have to compare it to a blowfish (jBCrypt) hashed password retrieved from a database. jBCrypt uses: if (BCrypt.checkpw("candidatePassword",…
Vladimir
  • 417
  • 5
  • 20
2
votes
1 answer

How to compare hashed password from 2 servlets using jBCrypt

I'm having problems on how and where to compare the password that I hashed on my registration servlet and the one that i hashed on my Login. servlet. Hoping you guys could help me. Thanks. login servlet: String password =…
NicoleR.
  • 21
  • 3
1
2 3